6.9 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
35.4%
An issue was discovered in Joomla! before 3.9.5. The “refresh list of helpsites” endpoint of com_users lacks access checks, allowing calls from unauthenticated users.
developer.joomla.org/security-centre/778-20190402-core-helpsites-refresh-endpoint-callable-for-unauthenticated-users